Former Nuclear Scientist Pleads Guilty To Attempting Spear Phishing U.S. Government Employees

Charles Harvey Eccleston, 62, a former U.S. government scientist, has pleaded guilty to a federal offense for an attempted e-mail “spear-phishing” attack in January 2015 targeting Department of Energy (DOE) employee email accounts. He pled guilty to attempted unauthorized access and intentional damage to a government computer. He also pled guilty to criminal forfeiture.

“Eccleston admitted that he attempted to compromise, exploit and damage U.S. government computer systems that contained sensitive nuclear weapon-related information with the intent of allowing foreign nations to gain access to that information or to damage essential systems,” said Assistant Attorney General for National Security John P. Carlin, according to a U.S. Department of Justice release.

Justice Official Thanks FBI

“This prosecution underscores our commitment to prosecute those who carry out or plan cyber-attacks against our government, whether they are in the United States or in remote locations overseas,” said U.S. Attorney Channing D. Phillips of the District of Columbia U.S. Attorney Phillips. “Thanks to the work of the FBI, this former federal employee was arrested before he could do any damage and he now is being held accountable for actions that could have threatened our national security.”

Eccleston worked as a scientist for the Nuclear Regulatory Commission (NCR) and the Department of Energy (DOE), according to court documents. In this role, he had a security clearance granting him access to nuclear energy program information. He left his position in 2010 and moved to the Philippines in 2011.

Eccleston Offers Email List

In April of 2013, Eccleston visited a foreign nation’s embassy in Manila and told them he had secret U.S. government information he wished to sell them. He offered a list of 5,082 email accounts of U.S. energy agency employees, engineers and officials in exchange for $18,800.

Asked the benefit of this information, Eccleston said the addresses were top secret and were used for official correspondence between employees and officials.

Asked what he would do if the country was not interested in the information, Eccleston said he would offer it to Iran, China or Venezuela. He provided the embassy official a contact email and a code to use if they wanted to pay him.

FBI Goes Undercover

The embassy official informed the FBI. An FBI agent then contacted Eccleston posing as an intelligence agent for the foreign country.

Meeting at a hotel in Manila on Nov. 7, 2013, Eccleston told the undercover FBI agent that he held a top secret security clearance and worked on top secret projects. He said he had previously tried to sell U.S. government information to China and Venezuela but did not get access to officials from those countries.

Eccleston showed the agent a list of about 5,000 email addresses and names of NRC employees and offered to sell it for $23,000. He said the addresses could be used to insert a virus into NRC computers.

He also said emails could be sent to these accounts to shut down NRC servers. He offered to develop and implement such a plan. He gave details about how he would do this.

Eccleston further suggested the agent could re-sell the addresses to Hezbollah.

He told the agent that if he did not get back to him in 60 days, he would sell the information to the French.

The undercover agent agreed to buy a thumb drive containing about 1,200 NRC employee email addresses. The agent gave him $5,000 for the addresses and another $2,000 for expenses.

Phishing Attack Planned

Eccleston met with a second undercover agent on June 24, 2014 in a Manila hotel. This agent paid him $2,000 for his travel time. Eccleston said he had a list of 30,000 email accounts at the DOE that contained every scientist and engineer responsible for designing, researching and building U.S. nuclear weapons. He repeated his plan for conducting a cyber attack on a U.S. government agency.

During this meeting, Eccleston agreed to pursue the plan in exchange for $1,000 for each recipient who received an infected email.

In July of 2014, Eccleston sent documents to the undercover agent using a cloud-based file service. One document contained a chart including names, email addresses, and identified positions of 55 DOE employees. It included an assessment of the type of information to which the individuals had access.

Malicious Software Implanted

In January of 2015, Eccleston asked the undercover agent for a link to a malicious computer code to plant into an email he had drafted. He later sent the agent a different version of the email containing the link the agent had provided him to about 80 DOE employees. He believed he would receive about $80,000 for this activity by the foreign country.

A search of the DOE servers confirmed the email reached the intended recipients at Oak Ridge National Laboratory in Tennessee, Los Alamos National Laboratory and Sandia National Laboratory, both in New Mexico, Lawrence Livermore National Laboratory in California, and the DOE in Washington, D.C.

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.

Rate this post:

Important for improving the service. Please add a comment in the comment field below explaining what you rated and why you gave it that rate. Failed Trade Recommendations should not be rated as that is considered a failure either way. (0 votes, average: 0.00 out of 5)You need to be a registered member to rate this.Loading...

4.8 stars on average, based on 3 rated postsLester Coleman is a veteran business journalist based in the United States. He has covered the payments industry for several years and is available for writing assignments.

Leave a Reply

Skepticism Grows Over BitGrail’s Supposed $167 Million Hack

A relatively unknown cryptocurrency exchange by the name of BitGrail has informed its users of a coordinated cyber attack targeting Nano (XRB) tokens. However, the incident does not appear to be holding up to scrutiny after the founder of the exchange made an odd request to the developers of Nano shortly after discovering the alleged theft.

BitGrail Exchange Allegedly Compromised

The Italian exchange issued a notice to its clients last week informing them that 17 million XRB tokens were compromised in a cyber attack. The XRB token, formerly known known as Raiblocks, is valued at $9.80 at the time of writing for a total market cap of $1.3 billion. That puts the total monetary loss of the supposed heist at nearly $167 million.

Parts of the notice have been translated into English from the original Italian by Tech Crunch, a media company dedicated to startups and technology news. According to the agency, BitGrail has stated the following:

“… Internal checks revealed unauthorized transactions which led to a 17 million Nano shortfall, an amount forming part of the wallet managed by BitGrail… Today a charge about those fraudulent activities has been submitted to the competent authorities and now is under police investigation.”

The notice indicated that all transactions have been put on hold until authorities complete their investigation.

Very little is known about BitGrail, as it is not listed among the 183 exchanges whose volume is ranked by CoinMarketCap.

Suspicion Grows

Unlike other crypto heists, the circumstances surrounding the alleged BitGrail attack have been met with widespread suspicion. As David Z. Morris of Fortune rightly notes, this isn’t the first time BitGrail has suspended Nano withdrawals. The same thing happened in early January when the exchange halted not only Nano, but Lisk and CryptoForecast transactions as well.

The suspension was followed by an announcement that the exchange was taking measured steps to verify users and enforce anti-money laundering requirements. It was around this time that users became suspicious that BitGrail was going to cut and run with their tokens.

BitGrail founder Francesco Firano made an unusual request to the developers of Nano following the alleged attack: he asked them to fork their record, a move that would essentially restore the stolen funds.

Nano officially rejected the request on Friday, the day after Firano supposedly discovered the stolen coins. In a post that appeared on the Nano Medium page, the team said:

“We now have sufficient reason to believe that Firano has been misleading the Nano Core Team and the community regarding the solvency of the BitGrail exchange for a significant period of time.”

Last month, hackers made off with more than $400 million worth of NEM tokens stolen from Coincheck, a Japan-based cryptocurrency exchange. The coins have yet to be recovered and the perpetrators remain at large. In 2014, a cyber heist brought down Mt Gox, which was the world’s largest exchange.

Disclaimer: The author owns bitcoin, Ethereum and other cryptocurrencies. He holds investment positions in the coins, but does not engage in short-term or day-trading.

Featured image courtesy of Shutterstock.

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.

Rate this post:

Important for improving the service. Please add a comment in the comment field below explaining what you rated and why you gave it that rate. Failed Trade Recommendations should not be rated as that is considered a failure either way. (1 votes, average: 5.00 out of 5)You need to be a registered member to rate this.Loading...

4.5 stars on average, based on 145 rated postsSam Bourgi is Chief Editor to Hacked.com, where he specializes in cryptocurrency, economics and the broader financial markets. Sam has nearly eight years of progressive experience as an analyst, writer and financial market commentator where he has contributed to the world's foremost newscasts.

ICO Analysis: Serenity

During the past few decades, internet connectivity and technological advancement evolved rapidly to satisfy a large spectrum of the digital consumer crowd up to and including finance. The demand for online stock exchange, currency trading and investing has led to the development of thousands of online brokerage platforms and systems all over the globe. However, the lack of regulations when it comes to security and protection exposes the current online market with almost 90% of the platforms being unregulated. This environment attracts ‘scammers’ and creates unhealthy manipulative situations in the sphere, impacting both traders and companies that are involved in the digital markets. Here comes Serenitywith an attempt to change that for good.

Serenity’s financial services promise to create an independent marketplace based on smart contracts, where trading records will be transparent and monitored by a blockchain based platform. Blockchain guarantees transparency and lack of affiliation in order to secure traders from misuse of their funds by centralized exchange markets.

In addition to a secure trading environment, Serenity will allow users to buy, sell and exchange CFDs, futures, cryptocurrencies and even shares for cryptocurrencies all in a decentralized fashion, recorded and monitored by the blockchain in order to avoid the possibility of counterfeiting.

Over the last decade, the online trading process has not changed at all. Forex based exchanges attract popularity due to the lack of regulations while at the same time putting traders’ funds at risk since most of these platforms are not transparent (as we have observed, they can influence their users’ actions, freeze their accounts or deny a withdraw request at any time). Only 10% of the online broker companies have a license to provide intermediary services in the financial sector due to the complicated and expensive procedure that can cost from $200,000 to several millions per company, a sum most are not willing to pay. Serenity plans to radically change that approach by creating a transparent regulatory system powered by the modern blockchain technologies.

The Token

The SRNT token, the native currency of the Serenity financial platform, will be used to purchase, sell, exchange and withdraw digital assets within the platform that will consist of a pool of brokers. After the token sale, the user is free to transfer their SRNT into external exchanges in order to trade them for possible pairs of digital assets which the platform might not support at the moment.

At the pre-ICO, the SRNT token will have a 50% discount and then a 40% to 10% discount during the public sale that will run until March 7.

According to a spokesman for the company, the total token supply will be 400,000,000 SRNT. Anything that will be left behind after the prementioned deadline will be burned. As for the circulating supply, it is not yet fixed and it will be composed after the token sale.

The spokesman tells us that 3% of the funding will be used for bounty rewards and 12% is reserved for the team. As for the rest, we must wait for further official announcements that will take place after the token sale.

Team

At first glance, we can already see a professional team with years of experience in the field. In words, Serenity is not just another cryptocurrency platform made by GitHub coders.

Project co-founder Stanislav Vaneev is the CEO and founder of Grand Capital, an international level financial services company that has a monthly turnover of $6 billion USD and serves over 300,000 clients worldwide. Anton Vasin (co-founder & COO), has more than a decade of experience in the forex sphere and is also the head of risk hedging department. Denis Kulagin (CEO) is a marketing expert for multiple forex companies in China, Indonesia, Vietnam, and India. Vasiliy Alexeev (CTO) is the man behind UpTrader, a global provider of software for brokers. His ten years of experience are also focused on marketing and product development for various Forex companies.

The list goes on and from what we can see here, Serenity has a legit team with solid financial background and not just a ‘collage‘ of individuals that want to enter the blockchain game.

Verdict

In general, more than 6,000 brokers provide online exchange services using MetaTrader platforms. According to industry statistics, around 4 million traders use their platforms on a daily basis. As mentioned before, only a small percent of these companies are actually regulated and can guarantee a risk-free relationship.

Serenity is the first cryptocurrency focused exchange market that will be regulated and at the same time provide traders the ability to invest in broader options such as CFDs and futures.

Of course, regulations could mean that anonymity will be gone, which was the main reason people invested in cryptocurrencies in the first place. At the same time, this is important for professional traders who make a living out of official and licensed exchange markets. Don’t forget that regulations are unavoidable and they are necessary to establish a trusted relationship between governmental institutions and the crypto sphere.

Risks

Taking a look at the Serenity whitepaper can leave more questions than answers, as we had to personally seek assistance from the team in order to understand their token system and other core features. It is not an easy model to understand. -3

We still don’t know what 85% of the total funds will be used for and how the distribution benefits the investor or trader on an immediate scale. -3

Many new cryptocurrency-focused markets ‘pop up’ every couple of months, but none of them can actually compete with already established titans like Binance, Bitfinex, Bittrex etc. The Serenity team looks great but they will have to prove their unique approach with actual numbers before the end of the year. -1

Growth Opportunity

After multiple cases, including the recent DDOS attack on Binance and the attack on the Japanese exchange market Coincheck, a transparent and professional market is needed as soon as possible. This gives Serenitt a golden opportunity to make.a big difference. +4

Platforms like Bitfinex already set a minimum deposit of $10,000 USD for new accounts and it is most likely that more exchanges will follow with similar internally generated ‘rules’. If cryptocurrency platforms want to stay under the radar and have a nice flow with their respective governments, they will eventually have to be regulated. Serenity solves that issue from the outset. +3

Most online cryptocurrency exchange markets give you the option to exchange between several preset pairs of cryptocurrencies and only with other cryptocurrencies supported by each individual platform respectively. Serenity gives users the option to change their cryptocurrencies into fiat, CFDs or even futures all inside one platform. +4

Disposition

The Serenity team might have some good contacts in the forex scene and Mr. Vaneev’s own Grand Capital has already 300,000 active users that would possible join the new venture, but we must not underestimate “traditional” cryptocurrency markets like Binance which managed to raise 6 million active users in a matter of months.

Serenity can really be a revolutionary step in combining cryptocurrencies with traditionally regulated markets but we must not forget that people choose cryptocurrencies in order to avoid regulations and transparency.

A score of 4 out of 10 is reserved for Serenity, based on present facts.

Investment Details

Type: Crowdsale

Symbol: SRNT

Pre-Sale: Concluded

Public Sale: January 25th-March 7th, 2018

PaymentsAccepted: ETH (KYC Required)

Disclaimer: The writer has no position in Serenity at the time of writing.

Featured image courtesy of Shutterstock.

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.

Rate this post:

Important for improving the service. Please add a comment in the comment field below explaining what you rated and why you gave it that rate. Failed Trade Recommendations should not be rated as that is considered a failure either way. (1 votes, average: 1.00 out of 5)You need to be a registered member to rate this.Loading...

ICO Heist

The highly anticipated Bee Token crowdsale was the target of a phishing scam on Thursday, with hackers luring hundreds of unsuspecting investors over email and Telegram. The company, which launched its crowdraise on Jan. 31, had repeatedly warned investors to be weary of fake URLs designed to siphon their funds. Bee Token also warned investors to ignore any communications claiming to represent the company.

Those warnings were echoed in a Jan. 31 tweet from the official @thebeetoken handle:

“Please do not fund ETH to addresses that have the following warning: “Warning! There are reports that this address was used in a (BeeToken) Phishing scam.”

The company has since issued a second security announcement through its Medium blog, where it said there is only one funding address and one mode of communication with investors. The blog post read:

“The Funding Address can only be found at https://tokensaleinfo.beetoken.com. The Funding Address will not be communicated via any other means. Any other address should be considered fraudulent.”

Bee Token is a home sharing platform that connects hosts and guests over a decentralized network. Its aim is to disrupt the fast-growing sharing economy by offering lower transaction fees and better incentives without the middleman.

Hacked conducted an ICO Analysis of Bee Token last month, with the project receiving a 7.5 out of 10. That puts it among the strongest ICO candidates we’ve ever reviewed.

At the time of writing, the project had raised $4.6 million with more than 26 days left to go.

ICO Theft on the Rise

Funds raised via ICO have become more attractive for cyber criminals wishing to capitalize on the booming cryptocurrency market. According to a recently published report by big-five consulting firm Ernst & Young, 10% of the ICO funds generated in 2017 have been stolen by hackers. That represents a monetary value of nearly $400 million, based on the metric used in the study.

Cryptocurrency exchanges have long been subject to security breaches, with dozens of platforms losing billions since 2014. Tokyo-based Coincheck was recently subject to the biggest crypto heist of all time after attackers diverted 500 million NEM tokens to their accounts. The thieves have since tried to unload the coins on at least six international exchanges. Their identity or whereabouts have not been verified.

Disclaimer: The author owns bitcoin, Ethereum and other cryptocurrencies. He holds investment positions in the coins, but does not engage in short-term or day-trading.

Featured image courtesy of Shutterstock.

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.

Rate this post:

Important for improving the service. Please add a comment in the comment field below explaining what you rated and why you gave it that rate. Failed Trade Recommendations should not be rated as that is considered a failure either way. (1 votes, average: 5.00 out of 5)You need to be a registered member to rate this.Loading...

4.5 stars on average, based on 145 rated postsSam Bourgi is Chief Editor to Hacked.com, where he specializes in cryptocurrency, economics and the broader financial markets. Sam has nearly eight years of progressive experience as an analyst, writer and financial market commentator where he has contributed to the world's foremost newscasts.

A part of CCN

Hacked.com is Neutral and Unbiased

Hacked.com and its team members have pledged to reject any form of advertisement or sponsorships from 3rd parties. We will always be neutral and we strive towards a fully unbiased view on all topics. Whenever an author has a conflicting interest, that should be clearly stated in the post itself with a disclaimer. If you suspect that one of our team members are biased, please notify me immediately at jonas.borchgrevink(at)hacked.com.